Vulnerability Details : CVE-2021-31833
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run.
Products affected by CVE-2021-31833
- cpe:2.3:a:mcafee:application_and_change_control:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-31833
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-31833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
McAfee (DEFUNCT) | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
1.8
|
5.2
|
Trellix |
CWE ids for CVE-2021-31833
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by:
- psirt@mcafee.com (Primary)
- trellixpsirt@trellix.com (Secondary)
References for CVE-2021-31833
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10370
Security Bulletin - Application and Change Control update fixes one vulnerability (CVE-2021-31833)Broken Link
Jump to